I am trying to build an AWS Lambda-based application with AWS SAM. During deployment, I noticed that one of the IAM policies created for the Lambda has the wrong ARN, as you can see below (it is malformed):
{
  "Statement": [
    {
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:BatchWriteItem"
      ],
      "Resource": [
        "arn:aws:dynamodb:ap-south-1:286214033472:table/arn:aws:dynamodb:ap-south-1:286214033472:table/damoLambda-DynamoDBTable-11I5VYQXQKPHH",
        "arn:aws:dynamodb:ap-south-1:286214033472:table/arn:aws:dynamodb:ap-south-1:286214033472:table/damoLambda-DynamoDBTable-11I5VYQXQKPHH/index/*"
      ],
      "Effect": "Allow"
    }
  ]
}
The DynamoDB table itself is created by the SAM template and referred to in the Lambda policy section, as below:
TestFunction:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: FileExtractorFunction
    Handler: helloworld.App::handleRequest
    Runtime: java8
    MemorySize: 512
    Policies:
      - CloudWatchPutMetricPolicy: {}
      - S3ReadPolicy:
          BucketName: !Ref S3BucketName
      - DynamoDBWritePolicy:
          TableName: !GetAtt DynamoDBTable.Arn
    Environment:
      Variables:
        DynamoDB_Table_Name: !Ref DynamoDBTable
........................................
........................................
........................................
DynamoDBTable:
  Type: AWS::DynamoDB::Table
  Properties:
    AttributeDefinitions:
      - AttributeName: id
        AttributeType: S
    KeySchema:
      - AttributeName: id
        KeyType: HASH
    ProvisionedThroughput:
      ReadCapacityUnits: 5
      WriteCapacityUnits: 5
Apart from the Policy section, everything works as intended.
For the Policy section, I am not sure whether it is an AWS bug or I am doing something wrong.
Version? It's not clear what issue you are referring to. - Marcin
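An added example, not part of the original question or comment: a Python model of how the `TableName` parameter ends up inside the resource ARNs, plus a lint check that flags DynamoDB table ARNs whose table segment is not a bare name. The expansion pattern is inferred from the rendered policy above, and the function names are hypothetical. For an `AWS::DynamoDB::Table`, `!Ref` returns the table name while `!GetAtt ... .Arn` returns the full ARN.

```python
import re

# Resource pattern inferred from the rendered policy in the question:
# table/<TableName> and table/<TableName>/index/* (an assumption modelled
# here, not code taken from SAM itself).
ARN_PREFIX = "arn:aws:dynamodb:{region}:{account}:table/"

# DynamoDB table names use letters, digits, '_', '.', '-'; IAM also allows the
# '*' and '?' wildcards. A ':' (and so a nested ARN) is never valid here.
TABLE_SEGMENT_RE = re.compile(r"^[A-Za-z0-9_.*?-]{1,255}$")

def render_resources(table_name, region, account):
    """Model substituting the TableName parameter into the two resource ARNs."""
    base = ARN_PREFIX.format(region=region, account=account) + table_name
    return [base, base + "/index/*"]

def as_list(value):
    """IAM accepts a single item or a list for Statement and Resource."""
    return value if isinstance(value, list) else [value]

def find_malformed_table_arns(policy):
    """Return DynamoDB table resources whose table segment is not a bare name."""
    bad = []
    for stmt in as_list(policy.get("Statement", [])):
        for res in as_list(stmt.get("Resource", [])):
            parts = res.split(":", 5) if isinstance(res, str) else []
            if len(parts) != 6 or parts[2] != "dynamodb":
                continue  # not a DynamoDB ARN string (e.g. "*" or an intrinsic)
            if not parts[5].startswith("table/"):
                continue
            segment = parts[5][len("table/"):].split("/", 1)[0]
            if not TABLE_SEGMENT_RE.match(segment):
                bad.append(res)
    return bad

# Values taken from the question.
REGION, ACCOUNT = "ap-south-1", "286214033472"
NAME = "damoLambda-DynamoDBTable-11I5VYQXQKPHH"  # what !Ref returns
ARN = ARN_PREFIX.format(region=REGION, account=ACCOUNT) + NAME  # !GetAtt .Arn

if __name__ == "__main__":
    for label, value in (("!GetAtt DynamoDBTable.Arn", ARN),
                         ("!Ref DynamoDBTable", NAME)):
        policy = {"Statement": [{"Effect": "Allow",
                                 "Resource": render_resources(value, REGION, ACCOUNT)}]}
        print(label, "->", find_malformed_table_arns(policy) or "ok")
```

Run against a deployed role's policy JSON, the same check catches the doubled ARN before a function fails with an access-denied error at runtime.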